
IT

Information on information technology. Mostly a collection of how-to — or, how-I-did — articles.

Port 25 open on Shaw connection

While doing some mail server testing, I happened to notice that port 25 outbound on my run-of-the-mill, consumer grade, non-static Shaw connection is open. I wonder if this is a mistake, or if they’ve abandoned the practice.

Block outbound email to a specific domain with qmail

With Sendmail, I can block all email from a sending domain (to the server in question) and to a foreign domain using the /etc/mail/access file. However, apparently, it’s not so simple with qmail. Further complicating my need to prevent all users on one of my systems (which uses qmail) from sending email to certain domains is the fact that the system also uses Plesk, so I didn’t really want to start messing around with patching qmail and risk breaking something to do with Plesk.

After a fair bit of research I settled on a workaround using /var/qmail/control/smtproutes to artificially direct email sent to those domains from my qmail system to another mail server under my control, where the emails are rejected during the SMTP dialogue (because they’re not configured on that mail server, of course), thereby being bounced immediately to the sender.

If /var/qmail/control/smtproutes doesn’t exist on your server (it shouldn’t by default) you can create it with the following contents, or add the following contents to an existing file:

bad-domain.com:mx.your-other-domain.com

The file should be owned by the same user and group as most of the other configuration files in the “control” directory.

In this example you want to stop users from sending email to bad-domain.com email addresses, and you control an external mail server at mx.your-other-domain.com. When a user tries to send email to a bad-domain.com address, the sending mail server will not look up the MX record for bad-domain.com, instead routing the email to mx.your-other-domain.com. Because mx.your-other-domain.com is not configured to accept or relay email for bad-domain.com, it will reject it.
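
As an added example (not code from the original post), the following Python sketch models how stock qmail-remote picks a route from smtproutes, so you can check which recipient domains an entry actually redirects. The function names and the constructed sample file are assumptions for illustration; it shows that the single line above covers bad-domain.com itself but not its subdomains, which need a separate entry with a leading dot.

```python
"""Model of qmail's smtproutes lookup (added example, not from the post).

Assumption: lookup order follows stock qmail-remote (exact host, then each
".suffix", then the empty default entry); patched builds may differ.
"""

# Constructed sample control file, using the post's placeholder names.
SAMPLE_SMTPROUTES = """\
# block outbound mail to bad-domain.com and its subdomains
bad-domain.com:mx.your-other-domain.com
.bad-domain.com:mx.your-other-domain.com
partner.example:relay.partner.example:2525
"""


def parse_smtproutes(text):
    """Return {domain: relay} from smtproutes content."""
    routes = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments
        domain, sep, relay = line.partition(":")
        if not sep:
            continue                      # no colon: ignored in this model
        domain = domain.lower()           # lookups are case-insensitive
        if domain in routes:
            raise ValueError(f"duplicate route for {domain!r}")
        routes[domain] = relay
    return routes


def route_for(routes, host):
    """Return (relay, port) for a recipient host, or None for normal MX."""
    host = host.lower()
    for i in range(len(host) + 1):
        # Try the full host, then every suffix starting at a dot, then "".
        if i == 0 or i == len(host) or host[i] == ".":
            relay = routes.get(host[i:])
            if relay is None:
                continue
            if relay == "":
                return None               # empty relay: fall back to MX
            name, _, port = relay.partition(":")
            return name, int(port) if port else 25
    return None


def unblocked(routes, sink, hosts):
    """List the hosts whose mail would NOT be sent to the rejecting sink."""
    missed = []
    for host in hosts:
        route = route_for(routes, host)
        if route is None or route[0] != sink:
            missed.append(host)
    return missed


if __name__ == "__main__":
    sink = "mx.your-other-domain.com"
    probes = ["bad-domain.com", "mail.bad-domain.com", "example.org"]
    post_only = parse_smtproutes("bad-domain.com:mx.your-other-domain.com\n")
    print("post's single line misses:", unblocked(post_only, sink, probes))
    full = parse_smtproutes(SAMPLE_SMTPROUTES)
    print("with wildcard entry misses:", unblocked(full, sink, probes))
```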

Caution: DO NOT route email to a mail server that is not yours. This will likely be considered spam by that mail server’s administrator, and the IP address of your mail server will then likely be blocked and perhaps added to more widely-distributed blacklists. If you don’t control another mail server you could route the forbidden email to a non-existent domain, such as no-such.domain or dev.null or bogus.invalid. To make the bounce message a little more helpful to the receiver (i.e., the original sender), perhaps make up a bogus domain like “Sending-to-that-domain-is.prohibited” which, on some systems, will return a bounce message that might include text like this:

Sorry, I couldn’t find any host named Sending-to-that-domain-is.prohibited.

Do not use a non-existent domain on a real top-level domain (e.g., v539bq59vb45.com, or some other string of randomly-typed characters followed by a real TLD), because there is no guarantee that domain won’t be registered and used in the future. Avoid using even your own real domain that you’re not using (unless you set up some unique but descriptive sub-domain such as “this-is-a-bogus-mx-vb49w4.example.com”), as you may use it in the future and forget that you’re directing email to it. That could result in mail loops if you end up hosting the domain on the same mail server, or being blacklisted if you host it with a third party or allow it to expire and it’s registered and used by someone else.

Anyway, having another mail server to use, I’m sticking with using that to cause the messages to bounce back.

Some assistance in coming up with this idea came from this thread at boardreader.com.

Have a comment or a better idea? Let me know in the comments.

Oh, the irony

So there I was, surfing the Web looking for information related to ambulances in British Columbia, when I came across the BC Ambulance Service’s page on treatment guidelines. Being the curious type, I downloaded a PDF copy of said treatment guidelines to have a quick look.

But instead of a document about treatment guidelines, this is all that the 2.2 MB file displayed to me in my current PDF reader of choice:

For the best experience, open this PDF portfolio in Acrobat 9 or Adobe Reader 9, or later.


Now, given the size of the file and the fact that the size matches what is stated on the BCAS website, the content of the PDF is obviously there on my computer, but the BCAS (presumably) have (in their infinite wisdom) deemed that I can only “best experience” (excuse me while I throw up) their document in Acrobat Reader! This is indeed ironic, given that “PDF” stands for “portable document format” and, according to page 33 of Adobe’s own specification, “PDF is a file format for representing documents in a manner independent of the application software, hardware, and operating system used to create them and of the output device on which they are to be displayed or printed.” (It also reads, on page 25, “The goal of these products [Adobe Acrobat] is to enable users to exchange and view electronic documents easily and reliably, independently of the environment in which they were created.”)

So, apparently, the portable document format isn’t actually very portable.

I refuse to install Adobe Acrobat Reader on my primary machine. It is the poster child for “bloatware”; when all you want to do is have a quick look at a PDF document, or all you want to do is open a one-page document (like the invoices I prepare in my business), you have to load this behemoth of a program, wait and wait and wait some more while your hard disk grinds on forever, only to use one per cent of the program’s features (when it finally opens) and take less time to look at the document than it took to open it. And let’s not forget about the constant updates to the ninety-nine per cent of the application you don’t use, and Adobe’s habit of getting their sticky fingers into the very heart of your operating system. No thanks.

If Adobe produced a “light” version of Acrobat Reader (which is itself a light version of Acrobat, a program used to create PDFs) I’d consider using it. Until then I should at least acknowledge Adobe for making the portable document format an open standard, allowing me the choice to use other software to view PDFs.

And you, BC Ambulance Service? How about making your portable-document-format document portable? I don’t want to “experience” your document singing and dancing; I just want to read it. At least let me have a second class “experience” in my chosen PDF reader. Thank-you.


Update, 3 May 2012: Wouldn’t you know it. The day after I wrote this, Foxit Reader prompted me to install a security update. After the update I thought I’d see what happens when I open the same file. Lo and behold! Turns out that it appears that a “PDF portfolio” is (as the name might suggest) a portfolio or collection of PDF documents in one container (file), and one needs to view the “attachments” to see and open the individual PDF documents. The original display (see above) certainly didn’t suggest that, and the inclusion of the Adobe logo made me believe that here I had a document created in Adobe Acrobat that refused to be displayed in non-Adobe PDF readers.

Turns out I was wrong. Not sure if I should blame Foxit Reader for not being more helpful, or if I should blame Adobe because a document created using their software (the document’s properties show that it was created by Adobe Acrobat) led me to the conclusions I made. I lean towards the former — if only because of the different behaviour of Foxit Reader after the update and the fact that the update appears to address this very issue — but I do presume that the wording displayed previously (the so-called “best experience”) comes from Adobe and their software, and so could be worded to be more helpful and less biased. Clearly though, Foxit Reader is now identifying the nature of the file and displaying its own message, something it should have done before.

Below are screen captures showing what I see now on opening the file, on viewing the attachment list, and on opening the attachments.

Sticker shock on Canadian cell data rates

I had to do a double take after I put myself back into my chair and fastened my seatbelt when I saw the price of data transfer on the Virgin Mobile Canada website: $51 200 per gigabyte! Holy shit Batman! Are you kidding me? (See the “Canada Rates” tab at “Long Distance and Roaming”.) On a low-end high-speed Internet connection for a residential customer, that would translate into a bill of $6.4 million per month if you used your full bandwidth allotment! How is that justifiable when other packages on their site are advertised at a “mere” $15 per gigabyte, less than three ten-thousandths of the price? How is it justifiable, period?!

Virgin Mobile Canada data rate of $51 200 per GB!


Virgin Mobile Canada data rate of $15 per GB.


It just highlights what is common knowledge among any Canadians even vaguely aware of cell phone rates outside of Canada. We have among the highest rates (on voice and data) anywhere in the world — the absolute highest according to some surveys. Even Somalia, a Third World country in the thrall of pirates and warlords that has been without a functioning government for over two decades, has better and more competitive cell service than Canada. Why we put up with this, and why our government continues to allow the cell phone companies to gang together and collectively bend us over and screw us, is beyond my comprehension.

So having braved looking at a cell phone company’s website again, I’m going to retreat back into my Luddite cave as I head down the home stretch of my fifth year without the financial millstone of a cell phone hanging around my neck.

Some more links for your consideration:


Update, 14 March 2012: A glimmer of hope on the horizon: Ottawa opens telecom to foreigners, although the announcement is a bit of a mixed bag. Not that I think that “foreigners” are Canadians’ salvation, but our own countrymen (and -women) are quite happy to screw us. However, with Canada being the most expensive place on the planet to own and operate a cell phone, there is only one way for prices to go … assuming the tendency will be to head towards the middle of the pack, and not into the stratosphere! It’s competition and a smashing of the oligopoly that’s needed, and if that means that it takes Europeans, Asians or even Africans owning cell phone companies 100%, then so be it.

Fucking Microsoft

I hate it when software interrupts my day to tell me that I should download the latest and greatest version. I hate it even more when I must reboot to finish the installation or — when I have 37 million tabs open — Firefox tells me it must be restarted.

So whenever Windows tells me that updates are ready to be installed (I don’t allow anything to be installed without my reviewing the details first), I ignore that until I am ready to reboot. Why? (The full reasoning will become crystal clear in a moment.) Because despite the laughable assertion in the description of every Microsoft security update that the machine “may” need to be rebooted, the fact is that Microsoft is entirely incapable of updating any part of its operating system without requiring that the machine be rebooted.

But today there was one out-of-band security update that, based on its description, I figured shouldn’t require a reboot. So I let the update go ahead. Sure enough, a reboot was required. However, as is usually the case, I was busy and had a lot of stuff open and on the go, so I selected the option to reboot later.

And this is why I never do that: Because every few minutes you get this annoying, in-your-face pop-up that “helpfully” reminds you that you need to reboot. Combine that with the fact that I have my mouse pointer configured to “snap to” the default button in a dialogue box, and the fact that Microsoft “helpfully” makes the “reboot now” button the default button, and you have a recipe for disaster. Somehow I managed to avoid clicking the “reboot now” button for several hours, but eventually it popped up just at the instant I was clicking somewhere else on the screen.

Result: Machine reboots, and all of my work disappears in a puff of smoke.

Now, fortunately I didn’t lose much — I’m an obsessive ctrl-esser — but I did lose some text I was entering into a textarea on a web page. It could have been worse.

One thing I have noticed about the OpenOffice.org office suite is that, when a dialogue box pops up, the mouse pointer snaps to the middle of the dialogue, not the default button, and this is even for ones that you’re expecting. So I have to move the pointer a few pixels rather than just clicking on the default button; not a big deal, it’s close enough. On the other hand, it’s a big deal when your machine suddenly reboots as you helplessly watch all of your work swirl around the drain.

Bill? Are you listening?

BlackBerry/RIM. Going, going, gone?

A couple of years ago my company had a major server outage on a primary server that brought down websites and email for almost two and a half hours. Such outages are rare, but they happen, and they happen to small hosting companies like NinerNet as well as the giants. After that outage I wrote about the lessons learnt and, without trying to deflect attention or criticism away from us, I pointed out an extensive list of major service outages experienced by the likes of Google, Amazon, YouTube, Barclays Bank, MySpace, Facebook, PayPal, Microsoft, eBay, and so on.

Also in that list was BlackBerry/RIM, and this is what I wrote at the time on them in particular:

Have a Blackberry? Do you realise that all Blackberry emails in the whole world go through one data centre in central Canada, and if that data centre has a problem, you can still use your Blackberry for a paperweight? Nobody is immune; nobody gets away unscathed.

I’m under the impression that, since then, RIM expanded that single point of failure to create multiple points of failure (often under threat of sanctions by governments who want access to their citizens’ communications), and fail they have — worldwide — in the last few days. And for several days, not just a couple of hours.

Without wanting to gloat over a mortally-wounded about-to-be corpse, RIM’s problems weren’t that difficult to predict. Unfortunately for them they are, at this time, the victim of a perfect storm that includes (among other things) poor sales and share performance, product failures, the almost simultaneous (to their technical troubles) launch of a new messaging system on the iPhone to rival BlackBerry Messenger, and these latest technical troubles. But this perfect storm is of RIM’s own making, and their problems go deeper than that anyway; they go to the heart of their core philosophies.

Now, I’m no Apple fanboi (and in the wake of the death of Steve Jobs I commend to you What Everyone Is Too Polite to Say About Steve Jobs), but at least an iPhone more resembles a “proper” computer like the one you have on your desk than the toaster in your kitchen that can only do the one or two things its manufacturer decided in its infinite wisdom it needs to do. Mobile computers (aka “smartphones”) like the iPhone and those running on the Android operating system rely on open standards when it comes to things like email. In short, open standards and systems win. (That said, Apple is not the poster child for open standards and systems, and needs to change that.) There is no central super-server somewhere handling all email for all iPhone or Android users worldwide, just waiting to fail. With BlackBerry there is … or was. End of story.

If you swallowed RIM’s mantra about their system being de rigueur for business and the iPhone being “not for business”, you’re paying for that today.

Sorry for that.


Update, 30 May 2012: Seven months later and Roger Cheng at CNET finally comes to much the same conclusion.

Google search going downhill?

After being frustrated by the results in a Google search yet again, I submitted the following feedback to Google under the category “Google’s search results weren’t helpful” and the sub-category “The results included a page that was irrelevant”:

You searched for shaw vod 33319.

Please list which site or sites were irrelevant.

http://www.digitalhome.ca/forum/showthread.php?t=55214
http://www.digitalhome.ca/forum/showthread.php?t=127023
https://secure.shaw.ca/apps/digital_services/GuideErrors.asp

… and probably the rest of the results, but I didn’t go past the top three.

Why were they irrelevant?

I’m finding more and more that Google ignores one or more of my search terms, trying to be too clever for its own good. For example, while the third result on the secure.shaw.ca domain would be relevant if I was looking for a way to contact my cable company (Shaw) about the VOD (video on demand) error (33319) I am receiving, it’s absolutely useless as a result that tells me immediately what error 33319 is.

In this case “33319” does not even appear anywhere in the page at any of the top three search results. Why then are these pages included in the results if I’m searching for “all of the words” (Google’s wording) I have entered, and not “one or more of these words”? And this happens even when all of my search terms are actually words, unlike this case where one of the search terms is a string of numbers.

Please don’t make me use a Microsoft product for my searches. The last time I switched search engines was from AltaVista to Google.

For those of you with short memories or who weren’t around “BG” (before Google), AltaVista was the search engine back in the day. They even provided search results for Yahoo, before going into decline and eventually becoming a part of Yahoo. Now it’s just a point of entry into the Yahoo search system. I don’t even remember exactly when I switched, but it was probably in the early 2000s.

Installing Zend Optimiser

I had a bit of an education on the confusing array of Zend products recently. A client needed Zend Optimizer (which, of course, Zend spells with a “z” to cater to the all-powerful American market) installed on their virtual private server (running Linux, of course), as the installation routine for a web application wouldn’t proceed without it. Fair enough. Some web applications are encoded so that they can’t be hacked (as opposed to cracked; see the difference), reverse engineered, modified, etc., and Zend Optimiser interprets the encoded PHP files so that they can run.

But I was confused. I thought Zend was installed with PHP by default. Turns out it’s Zend Engine that’s installed with PHP. So off I go to the interwebs to do some research. Take a look at these pages:

  • Zend Products: Here are listed Zend Server, Zend Server Cluster Manager, Zend Studio and Zend Guard — four products.
  • Zend Downloads: Here are listed Zend Server, Zend Server Cluster Manager, Zend Server Community Edition, Zend Studio, Zend Guard, Zend Optimizer, Zend Framework, Zend Core and Zend Platform. Phew! Nine products!

You don’t even see Zend Engine listed on either of the above pages, presumably because it’s installed with PHP by default.

So you click on Zend Optimiser and you’re presented with downloads for Zend Guard, Zend Optimiser and Zend Guard Loader. Huh? What’s what, where did Zend Guard Loader come from, and what is it?

Add to that that, in the back of my mind, I thought I had been down this road before on a different server that I’m sure already had a decoder installed. However, I figured out that I was probably thinking of Ioncube, and it had likely been installed with a control panel on that server.

Add further to that confusion the plethora of different instructions you find in a web search, some of which (including the “user guide” that is linked to right next to the Zend Optimizer download link) refer to an installation script which doesn’t exist in the download, and you can see why I was left scratching my head. At one point I even started following the RPM installation instructions on the Zend website, until I said to myself, “Wait a minute. This isn’t right.” Sure enough, those instructions were for a different Zend product.

The download does include what are referred to on some websites as “manual” installation instructions. They’re straightforward, but the confusing array of different options out there threw me off. In the end, the “manual” instructions did indeed work — and given the choice I’d prefer them anyway — and took all of about three minutes, far less time than I had already wasted.